[GH-ISSUE #4394] tmpfs doesn't mount in home directory #2647

New issue

Closed

opened 2026-05-05 09:18:37 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented 2026-05-05 09:18:37 -06:00

Owner

Copy link

Originally created by @seonwoolee on GitHub (Jul 10, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4394

Bug and expected behavior
According to the man page, I should be able to mount a tmpfs filesystem on any directory inside my user home directory, without having to run as root. However, I get these warnings

Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Cache
Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Code Cache
Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/GPUCache

Lightcord is just another Discord client. I copied the discord profile and modified it.

Reproduce
/home/seonwoo/.config/firejail/lightcord.local

nosound
novideo

/home/seonwoo/.config/firejail/lightcord.profile

# Firejail profile for discord
# This file is overwritten after every install/update
# Persistent local customizations
include lightcord.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.config/lightcord
noblacklist ${HOME}/.config/Lightcord
noblacklist ${HOME}/.config/Lightcord_BD

mkdir ${HOME}/.config/lightcord
mkdir ${HOME}/.config/Lightcord
mkdir ${HOME}/.config/Lightcord_BD
whitelist ${HOME}/.config/lightcord
whitelist ${HOME}/.config/Lightcord
whitelist ${HOME}/.config/Lightcord_BD
tmpfs ${HOME}/.config/Lightcord/Cache
tmpfs ${HOME}/.config/Lightcord/Code Cache
tmpfs ${HOME}/.config/Lightcord/GPUCache

private-bin lightcord
private-opt lightcord

# Redirect
include lightcord-common.profile

/home/seonwoo/.config/firejail/lightcord-common.profile

# Firejail profile for discord
# This file is overwritten after every install/update
# Persistent local customizations
include lightcord-common.local
# Persistent global definitions
# added by caller profile
#include globals.local

ignore noexec ${HOME}

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-passwdmgr.inc
include disable-programs.inc

#whitelist ${DOWNLOADS}
whitelist ${HOME}/.config/BetterDiscord
whitelist ${HOME}/.local/share/betterdiscordctl
whitelist /tmp/Lightcord
include whitelist-common.inc
include whitelist-var-common.inc

caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp !chroot

private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
private-dev
private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,resolv.conf,ssl
private-tmp

Environment

• Arch Linux

firejail version 0.9.66

Compile time support:
	- always force nonewprivs support is disabled
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- firetunnel support is enabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is disabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

Additional context
Apparmor has been enabled as well

Checklist

• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• I have performed a short search for similar issues (to avoid opening a duplicate).
• If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
• Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
• I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.

debug output

Autoselecting /bin/bash as shell
Building quoted command line: '/usr/bin/lightcord' 
Command name #lightcord#
Found lightcord.profile profile in /home/seonwoo/.config/firejail directory
Reading profile /home/seonwoo/.config/firejail/lightcord.profile
Found lightcord.local profile in /home/seonwoo/.config/firejail directory
Reading profile /home/seonwoo/.config/firejail/lightcord.local
Found globals.local profile in /home/seonwoo/.config/firejail directory
Reading profile /home/seonwoo/.config/firejail/globals.local
Found lightcord-common.profile profile in /home/seonwoo/.config/firejail directory
Reading profile /home/seonwoo/.config/firejail/lightcord-common.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: Warning: NVIDIA card detected, nogroups command disabled
[profile] combined protocol list: "unix,inet,inet6,netlink"
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
DISPLAY=:0.0 parsed as 0
Using the local network stack
Parent pid 2192114, child pid 2192115
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/tmp/dbus-BJS6Qv7B,guid=2018a1045b938f329cdc97075252c3a2
IBUS_DAEMON_PID=6623
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 100, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1705 129 0:25 /etc /etc ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1705 fsname=/etc dir=/etc fstype=zfs
Mounting noexec /etc
1706 1705 0:25 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1706 fsname=/etc dir=/etc fstype=zfs
Mounting read-only /var
1931 1707 0:81 / /var/lib/nfs/rpc_pipefs rw,relatime master:179 - rpc_pipefs sunrpc rw
mountid=1931 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting read-only /var/lib/systemd/coredump
1932 1708 0:41 / /var/lib/systemd/coredump ro,noatime master:22 - zfs zroot/enc/ephem/no-repl/coredump rw,xattr,posixacl
mountid=1932 fsname=/ dir=/var/lib/systemd/coredump fstype=zfs
Mounting read-only /var/tmp
1933 1709 0:42 / /var/tmp ro,noatime master:23 - zfs zroot/enc/ephem/no-repl/var/tmp rw,xattr,posixacl
mountid=1933 fsname=/ dir=/var/tmp fstype=zfs
Mounting read-only /var/log
2046 1710 0:43 / /var/log ro,noatime master:25 - zfs zroot/enc/ephem/no-repl/var/log rw,xattr,posixacl
mountid=2046 fsname=/ dir=/var/log fstype=zfs
Mounting read-only /var/cache
2047 1711 0:45 / /var/cache ro,noatime master:27 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl
mountid=2047 fsname=/ dir=/var/cache fstype=zfs
Mounting read-only /var/lib/docker
2048 1712 0:47 / /var/lib/docker ro,noatime master:28 - zfs zroot/enc/ephem/no-repl/docker rw,xattr,posixacl
mountid=2048 fsname=/ dir=/var/lib/docker fstype=zfs
Mounting read-only /var/lib/nfs/rpc_pipefs
2287 1931 0:81 / /var/lib/nfs/rpc_pipefs ro,relatime master:179 - rpc_pipefs sunrpc rw
mountid=2287 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting noexec /var
2975 2974 0:81 / /var/lib/nfs/rpc_pipefs ro,relatime master:179 - rpc_pipefs sunrpc rw
mountid=2975 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting noexec /var/lib/systemd/coredump
2976 2402 0:41 / /var/lib/systemd/coredump ro,nosuid,nodev,noexec,noatime master:22 - zfs zroot/enc/ephem/no-repl/coredump rw,xattr,posixacl
mountid=2976 fsname=/ dir=/var/lib/systemd/coredump fstype=zfs
Mounting noexec /var/tmp
3089 2404 0:42 / /var/tmp ro,nosuid,nodev,noexec,noatime master:23 - zfs zroot/enc/ephem/no-repl/var/tmp rw,xattr,posixacl
mountid=3089 fsname=/ dir=/var/tmp fstype=zfs
Mounting noexec /var/log
3090 2646 0:43 / /var/log ro,nosuid,nodev,noexec,noatime master:25 - zfs zroot/enc/ephem/no-repl/var/log rw,xattr,posixacl
mountid=3090 fsname=/ dir=/var/log fstype=zfs
Mounting noexec /var/cache
3091 2760 0:45 / /var/cache ro,nosuid,nodev,noexec,noatime master:27 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl
mountid=3091 fsname=/ dir=/var/cache fstype=zfs
Mounting noexec /var/lib/docker
3336 2762 0:47 / /var/lib/docker ro,nosuid,nodev,noexec,noatime master:28 - zfs zroot/enc/ephem/no-repl/docker rw,xattr,posixacl
mountid=3336 fsname=/ dir=/var/lib/docker fstype=zfs
Mounting noexec /var/lib/nfs/rpc_pipefs
3337 2975 0:81 / /var/lib/nfs/rpc_pipefs ro,nosuid,nodev,noexec,relatime master:179 - rpc_pipefs sunrpc rw
mountid=3337 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/seonwoo/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/nvidia0 file
mounting /run/firejail/mnt/dev/nvidiactl file
mounting /run/firejail/mnt/dev/nvidia-modeset file
mounting /run/firejail/mnt/dev/input directory
Process /dev/shm directory
Copying files in the new /opt directory:
Copying /opt/lightcord to private /opt
Creating empty /run/firejail/mnt/opt/lightcord directory
sbox run: /run/firejail/lib/fcopy /opt/lightcord /run/firejail/mnt/opt/lightcord 
Warning fcopy: skipping /opt/lightcord/LICENSE, cannot find inode
Warning fcopy: skipping /opt/lightcord/lightcord-bin-0.1.8.zip, cannot find inode
Warning fcopy: skipping /opt/lightcord/Lightcord.desktop, cannot find inode
Warning fcopy: skipping /opt/lightcord/lightcord.png, cannot find inode
Mount-bind /run/firejail/mnt/opt on top of /opt
Private /opt installed in 1814.20 ms
Copying files in the new bin directory
Checking /usr/local/bin/lightcord
Checking /usr/bin/lightcord
file /opt/lightcord/lightcord not found
sbox run: /run/firejail/lib/fcopy /usr/bin/lightcord /run/firejail/mnt/bin 
Checking /usr/local/bin/bash
Checking /usr/bin/bash
sbox run: /run/firejail/lib/fcopy /usr/bin/bash /run/firejail/mnt/bin 
Checking /usr/local/bin/cut
Checking /usr/bin/cut
sbox run: /run/firejail/lib/fcopy /usr/bin/cut /run/firejail/mnt/bin 
Checking /usr/local/bin/echo
Checking /usr/bin/echo
sbox run: /run/firejail/lib/fcopy /usr/bin/echo /run/firejail/mnt/bin 
Checking /usr/local/bin/egrep
Checking /usr/bin/egrep
sbox run: /run/firejail/lib/fcopy /usr/bin/egrep /run/firejail/mnt/bin 
Checking /usr/local/bin/fish
Checking /usr/bin/fish
Checking /bin/fish
Checking /usr/games/fish
Checking /usr/local/games/fish
Checking /usr/local/sbin/fish
Checking /usr/sbin/fish
Checking /sbin/fish
Warning: file fish not found
Checking /usr/local/bin/grep
Checking /usr/bin/grep
sbox run: /run/firejail/lib/fcopy /usr/bin/grep /run/firejail/mnt/bin 
Checking /usr/local/bin/head
Checking /usr/bin/head
sbox run: /run/firejail/lib/fcopy /usr/bin/head /run/firejail/mnt/bin 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
sbox run: /run/firejail/lib/fcopy /usr/bin/sed /run/firejail/mnt/bin 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
sbox run: /run/firejail/lib/fcopy /usr/bin/bash /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/sh /run/firejail/mnt/bin 
Checking /usr/local/bin/tclsh
Checking /usr/bin/tclsh
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin 
Checking /usr/local/bin/tr
Checking /usr/bin/tr
sbox run: /run/firejail/lib/fcopy /usr/bin/tr /run/firejail/mnt/bin 
Checking /usr/local/bin/xdg-mime
Checking /usr/bin/xdg-mime
sbox run: /run/firejail/lib/fcopy /usr/bin/xdg-mime /run/firejail/mnt/bin 
Checking /usr/local/bin/xdg-open
Checking /usr/bin/xdg-open
sbox run: /run/firejail/lib/fcopy /usr/bin/xdg-open /run/firejail/mnt/bin 
Checking /usr/local/bin/zsh
Checking /usr/bin/zsh
Checking /bin/zsh
Checking /usr/games/zsh
Checking /usr/local/games/zsh
Checking /usr/local/sbin/zsh
Checking /usr/sbin/zsh
Checking /sbin/zsh
Warning: file zsh not found
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
15 programs installed in 36.15 ms
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules/5.12.15-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
Warning: file /etc/alternatives not found.
Warning: skipping alternatives for private /etc
Copying /etc/ca-certificates to private /etc
Creating empty /run/firejail/mnt/etc/ca-certificates directory
sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates 
Warning: file /etc/crypto-policies not found.
Warning: skipping crypto-policies for private /etc
Copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts 
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc 
Copying /etc/login.defs to private /etc
sbox run: /run/firejail/lib/fcopy /etc/login.defs /run/firejail/mnt/etc 
Copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc 
Warning: file /etc/password not found.
Warning: skipping password for private /etc
Warning: file /etc/pki not found.
Warning: skipping pki for private /etc
Copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc 
Copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /etc installed in 78.73 ms
Copying files in the new /usr/etc directory:
Warning: file /usr/etc/alternatives not found.
Warning: skipping alternatives for private /usr/etc
Warning: file /usr/etc/ca-certificates not found.
Warning: skipping ca-certificates for private /usr/etc
Warning: file /usr/etc/crypto-policies not found.
Warning: skipping crypto-policies for private /usr/etc
Warning: file /usr/etc/fonts not found.
Warning: skipping fonts for private /usr/etc
Warning: file /usr/etc/group not found.
Warning: skipping group for private /usr/etc
Warning: file /usr/etc/ld.so.cache not found.
Warning: skipping ld.so.cache for private /usr/etc
Warning: file /usr/etc/localtime not found.
Warning: skipping localtime for private /usr/etc
Warning: file /usr/etc/login.defs not found.
Warning: skipping login.defs for private /usr/etc
Warning: file /usr/etc/machine-id not found.
Warning: skipping machine-id for private /usr/etc
Warning: file /usr/etc/password not found.
Warning: skipping password for private /usr/etc
Warning: file /usr/etc/pki not found.
Warning: skipping pki for private /usr/etc
Warning: file /usr/etc/resolv.conf not found.
Warning: skipping resolv.conf for private /usr/etc
Warning: file /usr/etc/ssl not found.
Warning: skipping ssl for private /usr/etc
Mount-bind /run/firejail/mnt/usretc on top of /usr/etc
Private /usr/etc installed in 0.25 ms
Debug 553: whitelist ${HOME}/.config/lightcord
Debug 574: expanded: /home/seonwoo/.config/lightcord
Debug 585: new_name: /home/seonwoo/.config/lightcord
Debug 599: dir: /home/seonwoo
Adding whitelist top level directory /home/seonwoo
Debug 553: whitelist ${HOME}/.config/Lightcord
Debug 574: expanded: /home/seonwoo/.config/Lightcord
Debug 585: new_name: /home/seonwoo/.config/Lightcord
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/Lightcord_BD
Debug 574: expanded: /home/seonwoo/.config/Lightcord_BD
Debug 585: new_name: /home/seonwoo/.config/Lightcord_BD
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/BetterDiscord
Debug 574: expanded: /home/seonwoo/.config/BetterDiscord
Debug 585: new_name: /home/seonwoo/.config/BetterDiscord
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/BetterDiscord
	expanded: /home/seonwoo/.config/BetterDiscord
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.local/share/betterdiscordctl
Debug 574: expanded: /home/seonwoo/.local/share/betterdiscordctl
Debug 585: new_name: /home/seonwoo/.local/share/betterdiscordctl
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.local/share/betterdiscordctl
	expanded: /home/seonwoo/.local/share/betterdiscordctl
	realpath: (null)
	No such file or directory
Debug 553: whitelist /tmp/Lightcord
Debug 574: expanded: /tmp/Lightcord
Debug 585: new_name: /tmp/Lightcord
Debug 599: dir: /tmp
Adding whitelist top level directory /tmp
Debug 553: whitelist ${HOME}/.XCompose
Debug 574: expanded: /home/seonwoo/.XCompose
Debug 585: new_name: /home/seonwoo/.XCompose
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.XCompose
	expanded: /home/seonwoo/.XCompose
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.alsaequal.bin
Debug 574: expanded: /home/seonwoo/.alsaequal.bin
Debug 585: new_name: /home/seonwoo/.alsaequal.bin
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.asoundrc
Debug 574: expanded: /home/seonwoo/.asoundrc
Debug 585: new_name: /home/seonwoo/.asoundrc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.asoundrc
	expanded: /home/seonwoo/.asoundrc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/ibus
Debug 574: expanded: /home/seonwoo/.config/ibus
Debug 585: new_name: /home/seonwoo/.config/ibus
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/mimeapps.list
Debug 574: expanded: /home/seonwoo/.config/mimeapps.list
Debug 585: new_name: /home/seonwoo/.config/mimeapps.list
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/pkcs11
Debug 574: expanded: /home/seonwoo/.config/pkcs11
Debug 585: new_name: /home/seonwoo/.config/pkcs11
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/seonwoo/.config/pkcs11
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/user-dirs.dirs
Debug 574: expanded: /home/seonwoo/.config/user-dirs.dirs
Debug 585: new_name: /home/seonwoo/.config/user-dirs.dirs
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/user-dirs.locale
Debug 574: expanded: /home/seonwoo/.config/user-dirs.locale
Debug 585: new_name: /home/seonwoo/.config/user-dirs.locale
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.drirc
Debug 574: expanded: /home/seonwoo/.drirc
Debug 585: new_name: /home/seonwoo/.drirc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.drirc
	expanded: /home/seonwoo/.drirc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.icons
Debug 574: expanded: /home/seonwoo/.icons
Debug 585: new_name: /home/seonwoo/.icons
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.local/share/applications
Debug 574: expanded: /home/seonwoo/.local/share/applications
Debug 585: new_name: /home/seonwoo/.local/share/applications
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.local/share/icons
Debug 574: expanded: /home/seonwoo/.local/share/icons
Debug 585: new_name: /home/seonwoo/.local/share/icons
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.local/share/mime
Debug 574: expanded: /home/seonwoo/.local/share/mime
Debug 585: new_name: /home/seonwoo/.local/share/mime
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.mime.types
Debug 574: expanded: /home/seonwoo/.mime.types
Debug 585: new_name: /home/seonwoo/.mime.types
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.mime.types
	expanded: /home/seonwoo/.mime.types
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.uim.d
Debug 574: expanded: /home/seonwoo/.uim.d
Debug 585: new_name: /home/seonwoo/.uim.d
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.uim.d
	expanded: /home/seonwoo/.uim.d
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/dconf
Debug 574: expanded: /home/seonwoo/.config/dconf
Debug 585: new_name: /home/seonwoo/.config/dconf
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.cache/fontconfig
Debug 574: expanded: /home/seonwoo/.cache/fontconfig
Debug 585: new_name: /home/seonwoo/.cache/fontconfig
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.cache/fontconfig
	expanded: /home/seonwoo/.cache/fontconfig
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/fontconfig
Debug 574: expanded: /home/seonwoo/.config/fontconfig
Debug 585: new_name: /home/seonwoo/.config/fontconfig
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.fontconfig
Debug 574: expanded: /home/seonwoo/.fontconfig
Debug 585: new_name: /home/seonwoo/.fontconfig
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.fontconfig
	expanded: /home/seonwoo/.fontconfig
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.fonts
Debug 574: expanded: /home/seonwoo/.fonts
Debug 585: new_name: /home/seonwoo/.fonts
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.fonts
	expanded: /home/seonwoo/.fonts
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.fonts.conf
Debug 574: expanded: /home/seonwoo/.fonts.conf
Debug 585: new_name: /home/seonwoo/.fonts.conf
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.fonts.conf.d
Debug 574: expanded: /home/seonwoo/.fonts.conf.d
Debug 585: new_name: /home/seonwoo/.fonts.conf.d
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/seonwoo/.fonts.conf.d
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.fonts.d
Debug 574: expanded: /home/seonwoo/.fonts.d
Debug 585: new_name: /home/seonwoo/.fonts.d
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.fonts.d
	expanded: /home/seonwoo/.fonts.d
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.local/share/fonts
Debug 574: expanded: /home/seonwoo/.local/share/fonts
Debug 585: new_name: /home/seonwoo/.local/share/fonts
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/seonwoo/.local/share/fonts
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.pangorc
Debug 574: expanded: /home/seonwoo/.pangorc
Debug 585: new_name: /home/seonwoo/.pangorc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.pangorc
	expanded: /home/seonwoo/.pangorc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/gtk-2.0
Debug 574: expanded: /home/seonwoo/.config/gtk-2.0
Debug 585: new_name: /home/seonwoo/.config/gtk-2.0
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/gtk-3.0
Debug 574: expanded: /home/seonwoo/.config/gtk-3.0
Debug 585: new_name: /home/seonwoo/.config/gtk-3.0
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/gtk-4.0
Debug 574: expanded: /home/seonwoo/.config/gtk-4.0
Debug 585: new_name: /home/seonwoo/.config/gtk-4.0
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/gtk-4.0
	expanded: /home/seonwoo/.config/gtk-4.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/gtkrc
Debug 574: expanded: /home/seonwoo/.config/gtkrc
Debug 585: new_name: /home/seonwoo/.config/gtkrc
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/gtkrc-2.0
Debug 574: expanded: /home/seonwoo/.config/gtkrc-2.0
Debug 585: new_name: /home/seonwoo/.config/gtkrc-2.0
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.gnome2
Debug 574: expanded: /home/seonwoo/.gnome2
Debug 585: new_name: /home/seonwoo/.gnome2
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.gnome2
	expanded: /home/seonwoo/.gnome2
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.gnome2-private
Debug 574: expanded: /home/seonwoo/.gnome2-private
Debug 585: new_name: /home/seonwoo/.gnome2-private
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.gnome2-private
	expanded: /home/seonwoo/.gnome2-private
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.gtk-2.0
Debug 574: expanded: /home/seonwoo/.gtk-2.0
Debug 585: new_name: /home/seonwoo/.gtk-2.0
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/seonwoo/.gtk-2.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.gtkrc
Debug 574: expanded: /home/seonwoo/.gtkrc
Debug 585: new_name: /home/seonwoo/.gtkrc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.gtkrc
	expanded: /home/seonwoo/.gtkrc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.gtkrc-2.0
Debug 574: expanded: /home/seonwoo/.gtkrc-2.0
Debug 585: new_name: /home/seonwoo/.gtkrc-2.0
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/seonwoo/.gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/config/gtkrc
Debug 574: expanded: /home/seonwoo/.kde/share/config/gtkrc
Debug 585: new_name: /home/seonwoo/.kde/share/config/gtkrc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/seonwoo/.kde/share/config/gtkrc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
Debug 574: expanded: /home/seonwoo/.kde/share/config/gtkrc-2.0
Debug 585: new_name: /home/seonwoo/.kde/share/config/gtkrc-2.0
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/seonwoo/.kde/share/config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde4/share/config/gtkrc
Debug 574: expanded: /home/seonwoo/.kde4/share/config/gtkrc
Debug 585: new_name: /home/seonwoo/.kde4/share/config/gtkrc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/seonwoo/.kde4/share/config/gtkrc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
Debug 574: expanded: /home/seonwoo/.kde4/share/config/gtkrc-2.0
Debug 585: new_name: /home/seonwoo/.kde4/share/config/gtkrc-2.0
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/seonwoo/.kde4/share/config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.local/share/themes
Debug 574: expanded: /home/seonwoo/.local/share/themes
Debug 585: new_name: /home/seonwoo/.local/share/themes
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.local/share/themes
	expanded: /home/seonwoo/.local/share/themes
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.themes
Debug 574: expanded: /home/seonwoo/.themes
Debug 585: new_name: /home/seonwoo/.themes
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.cache/kioexec/krun
Debug 574: expanded: /home/seonwoo/.cache/kioexec/krun
Debug 585: new_name: /home/seonwoo/.cache/kioexec/krun
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/seonwoo/.cache/kioexec/krun
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/Kvantum
Debug 574: expanded: /home/seonwoo/.config/Kvantum
Debug 585: new_name: /home/seonwoo/.config/Kvantum
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/seonwoo/.config/Kvantum
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/Trolltech.conf
Debug 574: expanded: /home/seonwoo/.config/Trolltech.conf
Debug 585: new_name: /home/seonwoo/.config/Trolltech.conf
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/QtProject.conf
Debug 574: expanded: /home/seonwoo/.config/QtProject.conf
Debug 585: new_name: /home/seonwoo/.config/QtProject.conf
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.config/kdeglobals
Debug 574: expanded: /home/seonwoo/.config/kdeglobals
Debug 585: new_name: /home/seonwoo/.config/kdeglobals
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/seonwoo/.config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/kio_httprc
Debug 574: expanded: /home/seonwoo/.config/kio_httprc
Debug 585: new_name: /home/seonwoo/.config/kio_httprc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/seonwoo/.config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/kioslaverc
Debug 574: expanded: /home/seonwoo/.config/kioslaverc
Debug 585: new_name: /home/seonwoo/.config/kioslaverc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/seonwoo/.config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/ksslcablacklist
Debug 574: expanded: /home/seonwoo/.config/ksslcablacklist
Debug 585: new_name: /home/seonwoo/.config/ksslcablacklist
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/seonwoo/.config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/qt5ct
Debug 574: expanded: /home/seonwoo/.config/qt5ct
Debug 585: new_name: /home/seonwoo/.config/qt5ct
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/seonwoo/.config/qt5ct
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.config/qtcurve
Debug 574: expanded: /home/seonwoo/.config/qtcurve
Debug 585: new_name: /home/seonwoo/.config/qtcurve
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.config/qtcurve
	expanded: /home/seonwoo/.config/qtcurve
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/config/kdeglobals
Debug 574: expanded: /home/seonwoo/.kde/share/config/kdeglobals
Debug 585: new_name: /home/seonwoo/.kde/share/config/kdeglobals
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/seonwoo/.kde/share/config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/config/kio_httprc
Debug 574: expanded: /home/seonwoo/.kde/share/config/kio_httprc
Debug 585: new_name: /home/seonwoo/.kde/share/config/kio_httprc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/seonwoo/.kde/share/config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/config/kioslaverc
Debug 574: expanded: /home/seonwoo/.kde/share/config/kioslaverc
Debug 585: new_name: /home/seonwoo/.kde/share/config/kioslaverc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/seonwoo/.kde/share/config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/config/ksslcablacklist
Debug 574: expanded: /home/seonwoo/.kde/share/config/ksslcablacklist
Debug 585: new_name: /home/seonwoo/.kde/share/config/ksslcablacklist
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/seonwoo/.kde/share/config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/config/oxygenrc
Debug 574: expanded: /home/seonwoo/.kde/share/config/oxygenrc
Debug 585: new_name: /home/seonwoo/.kde/share/config/oxygenrc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/seonwoo/.kde/share/config/oxygenrc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde/share/icons
Debug 574: expanded: /home/seonwoo/.kde/share/icons
Debug 585: new_name: /home/seonwoo/.kde/share/icons
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/seonwoo/.kde/share/icons
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde4/share/config/kdeglobals
Debug 574: expanded: /home/seonwoo/.kde4/share/config/kdeglobals
Debug 585: new_name: /home/seonwoo/.kde4/share/config/kdeglobals
Debug 599: dir: /home/seonwoo
Debug 553: whitelist ${HOME}/.kde4/share/config/kio_httprc
Debug 574: expanded: /home/seonwoo/.kde4/share/config/kio_httprc
Debug 585: new_name: /home/seonwoo/.kde4/share/config/kio_httprc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/seonwoo/.kde4/share/config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde4/share/config/kioslaverc
Debug 574: expanded: /home/seonwoo/.kde4/share/config/kioslaverc
Debug 585: new_name: /home/seonwoo/.kde4/share/config/kioslaverc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/seonwoo/.kde4/share/config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
Debug 574: expanded: /home/seonwoo/.kde4/share/config/ksslcablacklist
Debug 585: new_name: /home/seonwoo/.kde4/share/config/ksslcablacklist
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/seonwoo/.kde4/share/config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde4/share/config/oxygenrc
Debug 574: expanded: /home/seonwoo/.kde4/share/config/oxygenrc
Debug 585: new_name: /home/seonwoo/.kde4/share/config/oxygenrc
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/seonwoo/.kde4/share/config/oxygenrc
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.kde4/share/icons
Debug 574: expanded: /home/seonwoo/.kde4/share/icons
Debug 585: new_name: /home/seonwoo/.kde4/share/icons
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/seonwoo/.kde4/share/icons
	realpath: (null)
	No such file or directory
Debug 553: whitelist ${HOME}/.local/share/qt5ct
Debug 574: expanded: /home/seonwoo/.local/share/qt5ct
Debug 585: new_name: /home/seonwoo/.local/share/qt5ct
Debug 599: dir: /home/seonwoo
Removed path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/seonwoo/.local/share/qt5ct
	realpath: (null)
	No such file or directory
Debug 553: whitelist /var/lib/aspell
Debug 574: expanded: /var/lib/aspell
Debug 585: new_name: /var/lib/aspell
Debug 599: dir: /var
Adding whitelist top level directory /var
Removed path: whitelist /var/lib/aspell
	expanded: /var/lib/aspell
	realpath: (null)
	No such file or directory
Debug 553: whitelist /var/lib/ca-certificates
Debug 574: expanded: /var/lib/ca-certificates
Debug 585: new_name: /var/lib/ca-certificates
Debug 599: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 553: whitelist /var/lib/dbus
Debug 574: expanded: /var/lib/dbus
Debug 585: new_name: /var/lib/dbus
Debug 599: dir: /var
Debug 553: whitelist /var/lib/menu-xdg
Debug 574: expanded: /var/lib/menu-xdg
Debug 585: new_name: /var/lib/menu-xdg
Debug 599: dir: /var
Removed path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	realpath: (null)
	No such file or directory
Debug 553: whitelist /var/lib/uim
Debug 574: expanded: /var/lib/uim
Debug 585: new_name: /var/lib/uim
Debug 599: dir: /var
Removed path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 553: whitelist /var/cache/fontconfig
Debug 574: expanded: /var/cache/fontconfig
Debug 585: new_name: /var/cache/fontconfig
Debug 599: dir: /var
Debug 553: whitelist /var/tmp
Debug 574: expanded: /var/tmp
Debug 585: new_name: /var/tmp
Debug 599: dir: /var
Debug 553: whitelist /var/run
Debug 574: expanded: /var/run
Debug 585: new_name: /var/run
Debug 599: dir: /var
Debug 553: whitelist /var/lock
Debug 574: expanded: /var/lock
Debug 585: new_name: /var/lock
Debug 599: dir: /var
Debug 553: whitelist /tmp/.X11-unix
Debug 574: expanded: /tmp/.X11-unix
Debug 585: new_name: /tmp/.X11-unix
Debug 599: dir: /tmp
Mounting tmpfs on /tmp, check owner: no
4341 1679 0:248 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64
mountid=4341 fsname=/ dir=/tmp fstype=tmpfs
Mounting tmpfs on /var, check owner: no
4342 2288 0:249 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=4342 fsname=/ dir=/var fstype=tmpfs
Drop privileges: pid 28, uid 1000, gid 100, nogroups 0
Supplementary groups: 92 91 
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 29, uid 1000, gid 100, nogroups 0
Supplementary groups: 92 91 
Debug 735: file: /home/seonwoo/.config/lightcord; dirfd: 4; topdir: /home/seonwoo; rel: .config/lightcord
Whitelisting /home/seonwoo/.config/lightcord
4345 4344 0:27 /.config/lightcord /home/seonwoo/.config/lightcord rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4345 fsname=/.config/lightcord dir=/home/seonwoo/.config/lightcord fstype=zfs
Debug 735: file: /home/seonwoo/.config/Lightcord; dirfd: 4; topdir: /home/seonwoo; rel: .config/Lightcord
Whitelisting /home/seonwoo/.config/Lightcord
4346 4344 0:27 /.config/Lightcord /home/seonwoo/.config/Lightcord rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4346 fsname=/.config/Lightcord dir=/home/seonwoo/.config/Lightcord fstype=zfs
Debug 735: file: /home/seonwoo/.config/Lightcord_BD; dirfd: 4; topdir: /home/seonwoo; rel: .config/Lightcord_BD
Whitelisting /home/seonwoo/.config/Lightcord_BD
4347 4344 0:27 /.config/Lightcord_BD /home/seonwoo/.config/Lightcord_BD rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4347 fsname=/.config/Lightcord_BD dir=/home/seonwoo/.config/Lightcord_BD fstype=zfs
Debug 735: file: /tmp/Lightcord; dirfd: 5; topdir: /tmp; rel: Lightcord
Whitelisting /tmp/Lightcord
4348 4341 0:78 /Lightcord /tmp/Lightcord rw,nosuid,nodev,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=4348 fsname=/Lightcord dir=/tmp/Lightcord fstype=tmpfs
Debug 735: file: /home/seonwoo/.alsaequal.bin; dirfd: 4; topdir: /home/seonwoo; rel: .alsaequal.bin
Whitelisting /home/seonwoo/.alsaequal.bin
4349 4344 0:27 /.alsaequal.bin /home/seonwoo/.alsaequal.bin rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4349 fsname=/.alsaequal.bin dir=/home/seonwoo/.alsaequal.bin fstype=zfs
Debug 735: file: /home/seonwoo/.config/ibus; dirfd: 4; topdir: /home/seonwoo; rel: .config/ibus
Whitelisting /home/seonwoo/.config/ibus
4350 4344 0:27 /.config/ibus /home/seonwoo/.config/ibus rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4350 fsname=/.config/ibus dir=/home/seonwoo/.config/ibus fstype=zfs
Debug 735: file: /home/seonwoo/.config/mimeapps.list; dirfd: 4; topdir: /home/seonwoo; rel: .config/mimeapps.list
Whitelisting /home/seonwoo/.config/mimeapps.list
4351 4344 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4351 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs
Debug 735: file: /home/seonwoo/.config/user-dirs.dirs; dirfd: 4; topdir: /home/seonwoo; rel: .config/user-dirs.dirs
Whitelisting /home/seonwoo/.config/user-dirs.dirs
4352 4344 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4352 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs
Debug 735: file: /home/seonwoo/.config/user-dirs.locale; dirfd: 4; topdir: /home/seonwoo; rel: .config/user-dirs.locale
Whitelisting /home/seonwoo/.config/user-dirs.locale
4353 4344 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4353 fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs
Debug 735: file: /home/seonwoo/.icons; dirfd: 4; topdir: /home/seonwoo; rel: .icons
Whitelisting /home/seonwoo/.icons
4354 4344 0:27 /.icons /home/seonwoo/.icons rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4354 fsname=/.icons dir=/home/seonwoo/.icons fstype=zfs
Debug 735: file: /home/seonwoo/.local/share/applications; dirfd: 4; topdir: /home/seonwoo; rel: .local/share/applications
Whitelisting /home/seonwoo/.local/share/applications
4355 4344 0:27 /.local/share/applications /home/seonwoo/.local/share/applications rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4355 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs
Debug 735: file: /home/seonwoo/.local/share/icons; dirfd: 4; topdir: /home/seonwoo; rel: .local/share/icons
Whitelisting /home/seonwoo/.local/share/icons
4356 4344 0:27 /.local/share/icons /home/seonwoo/.local/share/icons rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4356 fsname=/.local/share/icons dir=/home/seonwoo/.local/share/icons fstype=zfs
Debug 735: file: /home/seonwoo/.local/share/mime; dirfd: 4; topdir: /home/seonwoo; rel: .local/share/mime
Whitelisting /home/seonwoo/.local/share/mime
4357 4344 0:27 /.local/share/mime /home/seonwoo/.local/share/mime rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4357 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs
Debug 735: file: /home/seonwoo/.config/dconf; dirfd: 4; topdir: /home/seonwoo; rel: .config/dconf
Whitelisting /home/seonwoo/.config/dconf
4358 4344 0:27 /.config/dconf /home/seonwoo/.config/dconf rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4358 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs
Debug 735: file: /home/seonwoo/.config/fontconfig; dirfd: 4; topdir: /home/seonwoo; rel: .config/fontconfig
Whitelisting /home/seonwoo/.config/fontconfig
4359 4344 0:27 /.config/fontconfig /home/seonwoo/.config/fontconfig rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4359 fsname=/.config/fontconfig dir=/home/seonwoo/.config/fontconfig fstype=zfs
Debug 735: file: /home/seonwoo/.config/fontconfig/fonts.conf; dirfd: 4; topdir: /home/seonwoo; rel: .config/fontconfig/fonts.conf
Created symbolic link /home/seonwoo/.fonts.conf -> /home/seonwoo/.config/fontconfig/fonts.conf
Debug 735: file: /home/seonwoo/.config/gtk-2.0; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtk-2.0
Whitelisting /home/seonwoo/.config/gtk-2.0
4360 4344 0:27 /.config/gtk-2.0 /home/seonwoo/.config/gtk-2.0 rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4360 fsname=/.config/gtk-2.0 dir=/home/seonwoo/.config/gtk-2.0 fstype=zfs
Debug 735: file: /home/seonwoo/.config/gtk-3.0; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtk-3.0
Whitelisting /home/seonwoo/.config/gtk-3.0
4361 4344 0:27 /.config/gtk-3.0 /home/seonwoo/.config/gtk-3.0 rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4361 fsname=/.config/gtk-3.0 dir=/home/seonwoo/.config/gtk-3.0 fstype=zfs
Debug 735: file: /home/seonwoo/.config/gtkrc; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtkrc
Whitelisting /home/seonwoo/.config/gtkrc
4362 4344 0:27 /.config/gtkrc /home/seonwoo/.config/gtkrc rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4362 fsname=/.config/gtkrc dir=/home/seonwoo/.config/gtkrc fstype=zfs
Debug 735: file: /home/seonwoo/.config/gtkrc-2.0; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtkrc-2.0
Whitelisting /home/seonwoo/.config/gtkrc-2.0
4363 4344 0:27 /.config/gtkrc-2.0 /home/seonwoo/.config/gtkrc-2.0 rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4363 fsname=/.config/gtkrc-2.0 dir=/home/seonwoo/.config/gtkrc-2.0 fstype=zfs
Debug 735: file: /home/seonwoo/.themes; dirfd: 4; topdir: /home/seonwoo; rel: .themes
Whitelisting /home/seonwoo/.themes
4364 4344 0:27 /.themes /home/seonwoo/.themes rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4364 fsname=/.themes dir=/home/seonwoo/.themes fstype=zfs
Debug 735: file: /home/seonwoo/.config/Trolltech.conf; dirfd: 4; topdir: /home/seonwoo; rel: .config/Trolltech.conf
Whitelisting /home/seonwoo/.config/Trolltech.conf
4365 4344 0:27 /.config/Trolltech.conf /home/seonwoo/.config/Trolltech.conf rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4365 fsname=/.config/Trolltech.conf dir=/home/seonwoo/.config/Trolltech.conf fstype=zfs
Debug 735: file: /home/seonwoo/.config/QtProject.conf; dirfd: 4; topdir: /home/seonwoo; rel: .config/QtProject.conf
Whitelisting /home/seonwoo/.config/QtProject.conf
4366 4344 0:27 /.config/QtProject.conf /home/seonwoo/.config/QtProject.conf rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4366 fsname=/.config/QtProject.conf dir=/home/seonwoo/.config/QtProject.conf fstype=zfs
Debug 735: file: /home/seonwoo/.kde4/share/config/kdeglobals; dirfd: 4; topdir: /home/seonwoo; rel: .kde4/share/config/kdeglobals
Whitelisting /home/seonwoo/.kde4/share/config/kdeglobals
4367 4344 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4367 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs
Debug 735: file: /var/lib/dbus; dirfd: 7; topdir: /var; rel: lib/dbus
Whitelisting /var/lib/dbus
4368 4342 0:25 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=4368 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=zfs
Debug 735: file: /var/cache/fontconfig; dirfd: 7; topdir: /var; rel: cache/fontconfig
Whitelisting /var/cache/fontconfig
4369 4342 0:45 /fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:27 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl
mountid=4369 fsname=/fontconfig dir=/var/cache/fontconfig fstype=zfs
Debug 735: file: /var/tmp; dirfd: 7; topdir: /var; rel: tmp
Whitelisting /var/tmp
4370 4342 0:223 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=4370 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Debug 735: file: /tmp/.X11-unix; dirfd: 5; topdir: /tmp; rel: .X11-unix
Whitelisting /tmp/.X11-unix
4371 4341 0:78 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=4371 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Cache
Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Code Cache
Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/GPUCache
Mounting read-only /home/seonwoo/.Xauthority
4372 4344 0:251 /seonwoo/.Xauthority /home/seonwoo/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=4372 fsname=/seonwoo/.Xauthority dir=/home/seonwoo/.Xauthority fstype=tmpfs
Mounting read-only /home/seonwoo/.kde4/share/config/kdeglobals
4373 4367 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4373 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs
Mounting read-only /home/seonwoo/.config/dconf
4374 4358 0:27 /.config/dconf /home/seonwoo/.config/dconf ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4374 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs
Disable /run/user/1000/systemd
Disable /usr/share/applications/veracrypt.desktop
Disable /usr/share/pixmaps/veracrypt.xpm
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Disable /run/screens (requested /var/run/screens)
Mounting read-only /home/seonwoo/.local/share/applications
4380 4355 0:27 /.local/share/applications /home/seonwoo/.local/share/applications ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4380 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs
Mounting read-only /home/seonwoo/.config/mimeapps.list
4381 4351 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4381 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs
Mounting read-only /home/seonwoo/.config/user-dirs.dirs
4382 4352 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4382 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs
Mounting read-only /home/seonwoo/.config/user-dirs.locale
4383 4353 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4383 fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs
Mounting read-only /home/seonwoo/.local/share/mime
4384 4357 0:27 /.local/share/mime /home/seonwoo/.local/share/mime ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=4384 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied
Disable /usr/lib/virtualbox
Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox)
Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied
Disable /proc/config.gz
Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/clang*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lldb*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/llvm*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/as: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c8*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c9*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cpp*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gdb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ld: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gccgo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/go: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gofmt: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/java: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/javac: Permission denied
Disable /usr/share/java
Warning (blacklisting): cannot open /usr/local/sbin/openssl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/openssl-1.0: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-gdb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-lldb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rustc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/x86_64-tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/valgrind*: Permission denied
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /run/user/1000
4398 4397 0:23 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64
mountid=4398 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Warning: not remounting /run/user/1000/gvfs
Mounting noexec /dev/shm
4399 4306 0:243 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=4399 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
4402 4400 0:78 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=4402 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/Lightcord
4403 4401 0:78 /Lightcord /tmp/Lightcord rw,nosuid,nodev,noexec,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=4403 fsname=/Lightcord dir=/tmp/Lightcord fstype=tmpfs
Mounting noexec /tmp/.X11-unix
4404 4402 0:78 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=4404 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting read-only /tmp/.X11-unix
4405 4404 0:78 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=4405 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /run/mount
Disable /run/media
disable pulseaudio
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
Current directory: /home/seonwoo
DISPLAY=:0.0 parsed as 0
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 30, uid 1000, gid 100, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 31, uid 1000, gid 100, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot 
Dropping all capabilities
Drop privileges: pid 32, uid 1000, gid 100, nogroups 1
No supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 33, uid 1000, gid 100, nogroups 1
No supplementary groups
configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 34, uid 1000, gid 100, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 000000a1   jeq chroot 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 3e 00 0000009f   jeq adjtimex 0048 (false 000a)
 000a: 15 3d 00 00000131   jeq clock_adjtime 0048 (false 000b)
 000b: 15 3c 00 000000e3   jeq clock_settime 0048 (false 000c)
 000c: 15 3b 00 000000a4   jeq settimeofday 0048 (false 000d)
 000d: 15 3a 00 0000009a   jeq modify_ldt 0048 (false 000e)
 000e: 15 39 00 000000d4   jeq lookup_dcookie 0048 (false 000f)
 000f: 15 38 00 0000012a   jeq perf_event_open 0048 (false 0010)
 0010: 15 37 00 00000137   jeq process_vm_writev 0048 (false 0011)
 0011: 15 36 00 000000b0   jeq delete_module 0048 (false 0012)
 0012: 15 35 00 00000139   jeq finit_module 0048 (false 0013)
 0013: 15 34 00 000000af   jeq init_module 0048 (false 0014)
 0014: 15 33 00 000000a1   jeq chroot 0048 (false 0015)
 0015: 15 32 00 000000a5   jeq mount 0048 (false 0016)
 0016: 15 31 00 0000009b   jeq pivot_root 0048 (false 0017)
 0017: 15 30 00 000000a6   jeq umount2 0048 (false 0018)
 0018: 15 2f 00 0000009c   jeq _sysctl 0048 (false 0019)
 0019: 15 2e 00 000000b7   jeq afs_syscall 0048 (false 001a)
 001a: 15 2d 00 000000ae   jeq create_module 0048 (false 001b)
 001b: 15 2c 00 000000b1   jeq get_kernel_syms 0048 (false 001c)
 001c: 15 2b 00 000000b5   jeq getpmsg 0048 (false 001d)
 001d: 15 2a 00 000000b6   jeq putpmsg 0048 (false 001e)
 001e: 15 29 00 000000b2   jeq query_module 0048 (false 001f)
 001f: 15 28 00 000000b9   jeq security 0048 (false 0020)
 0020: 15 27 00 0000008b   jeq sysfs 0048 (false 0021)
 0021: 15 26 00 000000b8   jeq tuxcall 0048 (false 0022)
 0022: 15 25 00 00000086   jeq uselib 0048 (false 0023)
 0023: 15 24 00 00000088   jeq ustat 0048 (false 0024)
 0024: 15 23 00 000000ec   jeq vserver 0048 (false 0025)
 0025: 15 22 00 000000ad   jeq ioperm 0048 (false 0026)
 0026: 15 21 00 000000ac   jeq iopl 0048 (false 0027)
 0027: 15 20 00 000000f6   jeq kexec_load 0048 (false 0028)
 0028: 15 1f 00 00000140   jeq kexec_file_load 0048 (false 0029)
 0029: 15 1e 00 000000a9   jeq reboot 0048 (false 002a)
 002a: 15 1d 00 000000a7   jeq swapon 0048 (false 002b)
 002b: 15 1c 00 000000a8   jeq swapoff 0048 (false 002c)
 002c: 15 1b 00 00000130   jeq open_by_handle_at 0048 (false 002d)
 002d: 15 1a 00 0000012f   jeq name_to_handle_at 0048 (false 002e)
 002e: 15 19 00 000000fb   jeq ioprio_set 0048 (false 002f)
 002f: 15 18 00 00000067   jeq syslog 0048 (false 0030)
 0030: 15 17 00 0000012c   jeq fanotify_init 0048 (false 0031)
 0031: 15 16 00 000000f8   jeq add_key 0048 (false 0032)
 0032: 15 15 00 000000f9   jeq request_key 0048 (false 0033)
 0033: 15 14 00 000000ed   jeq mbind 0048 (false 0034)
 0034: 15 13 00 00000100   jeq migrate_pages 0048 (false 0035)
 0035: 15 12 00 00000117   jeq move_pages 0048 (false 0036)
 0036: 15 11 00 000000fa   jeq keyctl 0048 (false 0037)
 0037: 15 10 00 000000ce   jeq io_setup 0048 (false 0038)
 0038: 15 0f 00 000000cf   jeq io_destroy 0048 (false 0039)
 0039: 15 0e 00 000000d0   jeq io_getevents 0048 (false 003a)
 003a: 15 0d 00 000000d1   jeq io_submit 0048 (false 003b)
 003b: 15 0c 00 000000d2   jeq io_cancel 0048 (false 003c)
 003c: 15 0b 00 000000d8   jeq remap_file_pages 0048 (false 003d)
 003d: 15 0a 00 00000143   jeq userfaultfd 0048 (false 003e)
 003e: 15 09 00 000000a3   jeq acct 0048 (false 003f)
 003f: 15 08 00 00000141   jeq bpf 0048 (false 0040)
 0040: 15 07 00 000000b4   jeq nfsservctl 0048 (false 0041)
 0041: 15 06 00 000000ab   jeq setdomainname 0048 (false 0042)
 0042: 15 05 00 000000aa   jeq sethostname 0048 (false 0043)
 0043: 15 04 00 00000099   jeq vhangup 0048 (false 0044)
 0044: 15 03 00 00000065   jeq ptrace 0048 (false 0045)
 0045: 15 02 00 00000087   jeq personality 0048 (false 0046)
 0046: 15 01 00 00000136   jeq process_vm_readv 0048 (false 0047)
 0047: 06 00 00 7fff0000   ret ALLOW
 0048: 06 00 00 00050001   ret ERRNO(1)
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
4413 1702 0:50 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=4413 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             320 ..
-rw-r--r-- 1000     users            584 seccomp
-rw-r--r-- 1000     users            432 seccomp.32
-rw-r--r-- 1000     users            114 seccomp.list
-rw-r--r-- 1000     users              0 seccomp.postexec
-rw-r--r-- 1000     users              0 seccomp.postexec32
-rw-r--r-- 1000     users            176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 100, nogroups 0
Supplementary groups: 92 91 
Starting application
LD_PRELOAD=(null)
Running '/usr/bin/lightcord'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: '/usr/bin/lightcord' 
Child process initialized in 2176.19 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 35

/home/seonwoo/.config/Lightcord undefined
Initializing Lightcord.
Version: undefined
releaseChannel: stable
commit: c2e6f78308e105fb7200783e92271c8e0e465157
Starting with version 0.1.8 because it hasn't been 1 week since the last check.
(node:35) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
Sandbox monitor: waitpid 35 retval 35 status 0
Sandbox monitor: monitoring 39
monitoring pid 39

Originally created by @seonwoolee on GitHub (Jul 10, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4394 **Bug and expected behavior** According to the man page, I should be able to mount a tmpfs filesystem on any directory inside my user home directory, without having to run as root. However, I get these warnings ``` Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Cache Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Code Cache Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/GPUCache ``` Lightcord is just another Discord client. I copied the discord profile and modified it. **Reproduce** /home/seonwoo/.config/firejail/lightcord.local ``` nosound novideo ``` /home/seonwoo/.config/firejail/lightcord.profile ``` # Firejail profile for discord # This file is overwritten after every install/update # Persistent local customizations include lightcord.local # Persistent global definitions include globals.local noblacklist ${HOME}/.config/lightcord noblacklist ${HOME}/.config/Lightcord noblacklist ${HOME}/.config/Lightcord_BD mkdir ${HOME}/.config/lightcord mkdir ${HOME}/.config/Lightcord mkdir ${HOME}/.config/Lightcord_BD whitelist ${HOME}/.config/lightcord whitelist ${HOME}/.config/Lightcord whitelist ${HOME}/.config/Lightcord_BD tmpfs ${HOME}/.config/Lightcord/Cache tmpfs ${HOME}/.config/Lightcord/Code Cache tmpfs ${HOME}/.config/Lightcord/GPUCache private-bin lightcord private-opt lightcord # Redirect include lightcord-common.profile ``` /home/seonwoo/.config/firejail/lightcord-common.profile ``` # Firejail profile for discord # This file is overwritten after every install/update # Persistent local customizations include lightcord-common.local # Persistent global definitions # added by caller profile #include globals.local ignore noexec ${HOME} include disable-common.inc include disable-devel.inc include disable-exec.inc include disable-passwdmgr.inc include disable-programs.inc #whitelist ${DOWNLOADS} whitelist ${HOME}/.config/BetterDiscord whitelist ${HOME}/.local/share/betterdiscordctl whitelist /tmp/Lightcord include whitelist-common.inc include whitelist-var-common.inc caps.drop all netfilter nodvd nogroups nonewprivs noroot notv nou2f novideo protocol unix,inet,inet6,netlink seccomp !chroot private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,resolv.conf,ssl private-tmp ``` **Environment** - Arch Linux ``` firejail version 0.9.66 Compile time support: - always force nonewprivs support is disabled - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ``` **Additional context** Apparmor has been enabled as well **Checklist** - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. - [x] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions. <details><summary> debug output </summary> ``` Autoselecting /bin/bash as shell Building quoted command line: '/usr/bin/lightcord' Command name #lightcord# Found lightcord.profile profile in /home/seonwoo/.config/firejail directory Reading profile /home/seonwoo/.config/firejail/lightcord.profile Found lightcord.local profile in /home/seonwoo/.config/firejail directory Reading profile /home/seonwoo/.config/firejail/lightcord.local Found globals.local profile in /home/seonwoo/.config/firejail directory Reading profile /home/seonwoo/.config/firejail/globals.local Found lightcord-common.profile profile in /home/seonwoo/.config/firejail directory Reading profile /home/seonwoo/.config/firejail/lightcord-common.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-passwdmgr.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-passwdmgr.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Warning: Warning: NVIDIA card detected, nogroups command disabled [profile] combined protocol list: "unix,inet,inet6,netlink" Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, DISPLAY=:0.0 parsed as 0 Using the local network stack Parent pid 2192114, child pid 2192115 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:abstract=/tmp/dbus-BJS6Qv7B,guid=2018a1045b938f329cdc97075252c3a2 IBUS_DAEMON_PID=6623 Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 100, nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1705 129 0:25 /etc /etc ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1705 fsname=/etc dir=/etc fstype=zfs Mounting noexec /etc 1706 1705 0:25 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1706 fsname=/etc dir=/etc fstype=zfs Mounting read-only /var 1931 1707 0:81 / /var/lib/nfs/rpc_pipefs rw,relatime master:179 - rpc_pipefs sunrpc rw mountid=1931 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs Mounting read-only /var/lib/systemd/coredump 1932 1708 0:41 / /var/lib/systemd/coredump ro,noatime master:22 - zfs zroot/enc/ephem/no-repl/coredump rw,xattr,posixacl mountid=1932 fsname=/ dir=/var/lib/systemd/coredump fstype=zfs Mounting read-only /var/tmp 1933 1709 0:42 / /var/tmp ro,noatime master:23 - zfs zroot/enc/ephem/no-repl/var/tmp rw,xattr,posixacl mountid=1933 fsname=/ dir=/var/tmp fstype=zfs Mounting read-only /var/log 2046 1710 0:43 / /var/log ro,noatime master:25 - zfs zroot/enc/ephem/no-repl/var/log rw,xattr,posixacl mountid=2046 fsname=/ dir=/var/log fstype=zfs Mounting read-only /var/cache 2047 1711 0:45 / /var/cache ro,noatime master:27 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl mountid=2047 fsname=/ dir=/var/cache fstype=zfs Mounting read-only /var/lib/docker 2048 1712 0:47 / /var/lib/docker ro,noatime master:28 - zfs zroot/enc/ephem/no-repl/docker rw,xattr,posixacl mountid=2048 fsname=/ dir=/var/lib/docker fstype=zfs Mounting read-only /var/lib/nfs/rpc_pipefs 2287 1931 0:81 / /var/lib/nfs/rpc_pipefs ro,relatime master:179 - rpc_pipefs sunrpc rw mountid=2287 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs Mounting noexec /var 2975 2974 0:81 / /var/lib/nfs/rpc_pipefs ro,relatime master:179 - rpc_pipefs sunrpc rw mountid=2975 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs Mounting noexec /var/lib/systemd/coredump 2976 2402 0:41 / /var/lib/systemd/coredump ro,nosuid,nodev,noexec,noatime master:22 - zfs zroot/enc/ephem/no-repl/coredump rw,xattr,posixacl mountid=2976 fsname=/ dir=/var/lib/systemd/coredump fstype=zfs Mounting noexec /var/tmp 3089 2404 0:42 / /var/tmp ro,nosuid,nodev,noexec,noatime master:23 - zfs zroot/enc/ephem/no-repl/var/tmp rw,xattr,posixacl mountid=3089 fsname=/ dir=/var/tmp fstype=zfs Mounting noexec /var/log 3090 2646 0:43 / /var/log ro,nosuid,nodev,noexec,noatime master:25 - zfs zroot/enc/ephem/no-repl/var/log rw,xattr,posixacl mountid=3090 fsname=/ dir=/var/log fstype=zfs Mounting noexec /var/cache 3091 2760 0:45 / /var/cache ro,nosuid,nodev,noexec,noatime master:27 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl mountid=3091 fsname=/ dir=/var/cache fstype=zfs Mounting noexec /var/lib/docker 3336 2762 0:47 / /var/lib/docker ro,nosuid,nodev,noexec,noatime master:28 - zfs zroot/enc/ephem/no-repl/docker rw,xattr,posixacl mountid=3336 fsname=/ dir=/var/lib/docker fstype=zfs Mounting noexec /var/lib/nfs/rpc_pipefs 3337 2975 0:81 / /var/lib/nfs/rpc_pipefs ro,nosuid,nodev,noexec,relatime master:179 - rpc_pipefs sunrpc rw mountid=3337 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/seonwoo/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/nvidia0 file mounting /run/firejail/mnt/dev/nvidiactl file mounting /run/firejail/mnt/dev/nvidia-modeset file mounting /run/firejail/mnt/dev/input directory Process /dev/shm directory Copying files in the new /opt directory: Copying /opt/lightcord to private /opt Creating empty /run/firejail/mnt/opt/lightcord directory sbox run: /run/firejail/lib/fcopy /opt/lightcord /run/firejail/mnt/opt/lightcord Warning fcopy: skipping /opt/lightcord/LICENSE, cannot find inode Warning fcopy: skipping /opt/lightcord/lightcord-bin-0.1.8.zip, cannot find inode Warning fcopy: skipping /opt/lightcord/Lightcord.desktop, cannot find inode Warning fcopy: skipping /opt/lightcord/lightcord.png, cannot find inode Mount-bind /run/firejail/mnt/opt on top of /opt Private /opt installed in 1814.20 ms Copying files in the new bin directory Checking /usr/local/bin/lightcord Checking /usr/bin/lightcord file /opt/lightcord/lightcord not found sbox run: /run/firejail/lib/fcopy /usr/bin/lightcord /run/firejail/mnt/bin Checking /usr/local/bin/bash Checking /usr/bin/bash sbox run: /run/firejail/lib/fcopy /usr/bin/bash /run/firejail/mnt/bin Checking /usr/local/bin/cut Checking /usr/bin/cut sbox run: /run/firejail/lib/fcopy /usr/bin/cut /run/firejail/mnt/bin Checking /usr/local/bin/echo Checking /usr/bin/echo sbox run: /run/firejail/lib/fcopy /usr/bin/echo /run/firejail/mnt/bin Checking /usr/local/bin/egrep Checking /usr/bin/egrep sbox run: /run/firejail/lib/fcopy /usr/bin/egrep /run/firejail/mnt/bin Checking /usr/local/bin/fish Checking /usr/bin/fish Checking /bin/fish Checking /usr/games/fish Checking /usr/local/games/fish Checking /usr/local/sbin/fish Checking /usr/sbin/fish Checking /sbin/fish Warning: file fish not found Checking /usr/local/bin/grep Checking /usr/bin/grep sbox run: /run/firejail/lib/fcopy /usr/bin/grep /run/firejail/mnt/bin Checking /usr/local/bin/head Checking /usr/bin/head sbox run: /run/firejail/lib/fcopy /usr/bin/head /run/firejail/mnt/bin Checking /usr/local/bin/sed Checking /usr/bin/sed sbox run: /run/firejail/lib/fcopy /usr/bin/sed /run/firejail/mnt/bin Checking /usr/local/bin/sh Checking /usr/bin/sh sbox run: /run/firejail/lib/fcopy /usr/bin/bash /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /usr/bin/sh /run/firejail/mnt/bin Checking /usr/local/bin/tclsh Checking /usr/bin/tclsh sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin Checking /usr/local/bin/tr Checking /usr/bin/tr sbox run: /run/firejail/lib/fcopy /usr/bin/tr /run/firejail/mnt/bin Checking /usr/local/bin/xdg-mime Checking /usr/bin/xdg-mime sbox run: /run/firejail/lib/fcopy /usr/bin/xdg-mime /run/firejail/mnt/bin Checking /usr/local/bin/xdg-open Checking /usr/bin/xdg-open sbox run: /run/firejail/lib/fcopy /usr/bin/xdg-open /run/firejail/mnt/bin Checking /usr/local/bin/zsh Checking /usr/bin/zsh Checking /bin/zsh Checking /usr/games/zsh Checking /usr/local/games/zsh Checking /usr/local/sbin/zsh Checking /usr/sbin/zsh Checking /sbin/zsh Warning: file zsh not found Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 15 programs installed in 36.15 ms Generate private-tmp whitelist commands blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kallsyms Disable /usr/lib/modules/5.12.15-arch1-1/build (requested /usr/src/linux) Disable /usr/lib/modules (requested /lib/modules) Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Copying files in the new /etc directory: Warning: file /etc/alternatives not found. Warning: skipping alternatives for private /etc Copying /etc/ca-certificates to private /etc Creating empty /run/firejail/mnt/etc/ca-certificates directory sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates Warning: file /etc/crypto-policies not found. Warning: skipping crypto-policies for private /etc Copying /etc/fonts to private /etc Creating empty /run/firejail/mnt/etc/fonts directory sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts Copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc Copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc Copying /etc/localtime to private /etc sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc Copying /etc/login.defs to private /etc sbox run: /run/firejail/lib/fcopy /etc/login.defs /run/firejail/mnt/etc Copying /etc/machine-id to private /etc sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc Warning: file /etc/password not found. Warning: skipping password for private /etc Warning: file /etc/pki not found. Warning: skipping pki for private /etc Copying /etc/resolv.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc Copying /etc/ssl to private /etc Creating empty /run/firejail/mnt/etc/ssl directory sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl Mount-bind /run/firejail/mnt/etc on top of /etc Private /etc installed in 78.73 ms Copying files in the new /usr/etc directory: Warning: file /usr/etc/alternatives not found. Warning: skipping alternatives for private /usr/etc Warning: file /usr/etc/ca-certificates not found. Warning: skipping ca-certificates for private /usr/etc Warning: file /usr/etc/crypto-policies not found. Warning: skipping crypto-policies for private /usr/etc Warning: file /usr/etc/fonts not found. Warning: skipping fonts for private /usr/etc Warning: file /usr/etc/group not found. Warning: skipping group for private /usr/etc Warning: file /usr/etc/ld.so.cache not found. Warning: skipping ld.so.cache for private /usr/etc Warning: file /usr/etc/localtime not found. Warning: skipping localtime for private /usr/etc Warning: file /usr/etc/login.defs not found. Warning: skipping login.defs for private /usr/etc Warning: file /usr/etc/machine-id not found. Warning: skipping machine-id for private /usr/etc Warning: file /usr/etc/password not found. Warning: skipping password for private /usr/etc Warning: file /usr/etc/pki not found. Warning: skipping pki for private /usr/etc Warning: file /usr/etc/resolv.conf not found. Warning: skipping resolv.conf for private /usr/etc Warning: file /usr/etc/ssl not found. Warning: skipping ssl for private /usr/etc Mount-bind /run/firejail/mnt/usretc on top of /usr/etc Private /usr/etc installed in 0.25 ms Debug 553: whitelist ${HOME}/.config/lightcord Debug 574: expanded: /home/seonwoo/.config/lightcord Debug 585: new_name: /home/seonwoo/.config/lightcord Debug 599: dir: /home/seonwoo Adding whitelist top level directory /home/seonwoo Debug 553: whitelist ${HOME}/.config/Lightcord Debug 574: expanded: /home/seonwoo/.config/Lightcord Debug 585: new_name: /home/seonwoo/.config/Lightcord Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/Lightcord_BD Debug 574: expanded: /home/seonwoo/.config/Lightcord_BD Debug 585: new_name: /home/seonwoo/.config/Lightcord_BD Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/BetterDiscord Debug 574: expanded: /home/seonwoo/.config/BetterDiscord Debug 585: new_name: /home/seonwoo/.config/BetterDiscord Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/BetterDiscord expanded: /home/seonwoo/.config/BetterDiscord realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.local/share/betterdiscordctl Debug 574: expanded: /home/seonwoo/.local/share/betterdiscordctl Debug 585: new_name: /home/seonwoo/.local/share/betterdiscordctl Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.local/share/betterdiscordctl expanded: /home/seonwoo/.local/share/betterdiscordctl realpath: (null) No such file or directory Debug 553: whitelist /tmp/Lightcord Debug 574: expanded: /tmp/Lightcord Debug 585: new_name: /tmp/Lightcord Debug 599: dir: /tmp Adding whitelist top level directory /tmp Debug 553: whitelist ${HOME}/.XCompose Debug 574: expanded: /home/seonwoo/.XCompose Debug 585: new_name: /home/seonwoo/.XCompose Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.XCompose expanded: /home/seonwoo/.XCompose realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.alsaequal.bin Debug 574: expanded: /home/seonwoo/.alsaequal.bin Debug 585: new_name: /home/seonwoo/.alsaequal.bin Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.asoundrc Debug 574: expanded: /home/seonwoo/.asoundrc Debug 585: new_name: /home/seonwoo/.asoundrc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.asoundrc expanded: /home/seonwoo/.asoundrc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/ibus Debug 574: expanded: /home/seonwoo/.config/ibus Debug 585: new_name: /home/seonwoo/.config/ibus Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/mimeapps.list Debug 574: expanded: /home/seonwoo/.config/mimeapps.list Debug 585: new_name: /home/seonwoo/.config/mimeapps.list Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/pkcs11 Debug 574: expanded: /home/seonwoo/.config/pkcs11 Debug 585: new_name: /home/seonwoo/.config/pkcs11 Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/pkcs11 expanded: /home/seonwoo/.config/pkcs11 realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/user-dirs.dirs Debug 574: expanded: /home/seonwoo/.config/user-dirs.dirs Debug 585: new_name: /home/seonwoo/.config/user-dirs.dirs Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/user-dirs.locale Debug 574: expanded: /home/seonwoo/.config/user-dirs.locale Debug 585: new_name: /home/seonwoo/.config/user-dirs.locale Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.drirc Debug 574: expanded: /home/seonwoo/.drirc Debug 585: new_name: /home/seonwoo/.drirc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.drirc expanded: /home/seonwoo/.drirc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.icons Debug 574: expanded: /home/seonwoo/.icons Debug 585: new_name: /home/seonwoo/.icons Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.local/share/applications Debug 574: expanded: /home/seonwoo/.local/share/applications Debug 585: new_name: /home/seonwoo/.local/share/applications Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.local/share/icons Debug 574: expanded: /home/seonwoo/.local/share/icons Debug 585: new_name: /home/seonwoo/.local/share/icons Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.local/share/mime Debug 574: expanded: /home/seonwoo/.local/share/mime Debug 585: new_name: /home/seonwoo/.local/share/mime Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.mime.types Debug 574: expanded: /home/seonwoo/.mime.types Debug 585: new_name: /home/seonwoo/.mime.types Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.mime.types expanded: /home/seonwoo/.mime.types realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.uim.d Debug 574: expanded: /home/seonwoo/.uim.d Debug 585: new_name: /home/seonwoo/.uim.d Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.uim.d expanded: /home/seonwoo/.uim.d realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/dconf Debug 574: expanded: /home/seonwoo/.config/dconf Debug 585: new_name: /home/seonwoo/.config/dconf Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.cache/fontconfig Debug 574: expanded: /home/seonwoo/.cache/fontconfig Debug 585: new_name: /home/seonwoo/.cache/fontconfig Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.cache/fontconfig expanded: /home/seonwoo/.cache/fontconfig realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/fontconfig Debug 574: expanded: /home/seonwoo/.config/fontconfig Debug 585: new_name: /home/seonwoo/.config/fontconfig Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.fontconfig Debug 574: expanded: /home/seonwoo/.fontconfig Debug 585: new_name: /home/seonwoo/.fontconfig Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.fontconfig expanded: /home/seonwoo/.fontconfig realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.fonts Debug 574: expanded: /home/seonwoo/.fonts Debug 585: new_name: /home/seonwoo/.fonts Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.fonts expanded: /home/seonwoo/.fonts realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.fonts.conf Debug 574: expanded: /home/seonwoo/.fonts.conf Debug 585: new_name: /home/seonwoo/.fonts.conf Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.fonts.conf.d Debug 574: expanded: /home/seonwoo/.fonts.conf.d Debug 585: new_name: /home/seonwoo/.fonts.conf.d Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.fonts.conf.d expanded: /home/seonwoo/.fonts.conf.d realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.fonts.d Debug 574: expanded: /home/seonwoo/.fonts.d Debug 585: new_name: /home/seonwoo/.fonts.d Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.fonts.d expanded: /home/seonwoo/.fonts.d realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.local/share/fonts Debug 574: expanded: /home/seonwoo/.local/share/fonts Debug 585: new_name: /home/seonwoo/.local/share/fonts Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.local/share/fonts expanded: /home/seonwoo/.local/share/fonts realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.pangorc Debug 574: expanded: /home/seonwoo/.pangorc Debug 585: new_name: /home/seonwoo/.pangorc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.pangorc expanded: /home/seonwoo/.pangorc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/gtk-2.0 Debug 574: expanded: /home/seonwoo/.config/gtk-2.0 Debug 585: new_name: /home/seonwoo/.config/gtk-2.0 Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/gtk-3.0 Debug 574: expanded: /home/seonwoo/.config/gtk-3.0 Debug 585: new_name: /home/seonwoo/.config/gtk-3.0 Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/gtk-4.0 Debug 574: expanded: /home/seonwoo/.config/gtk-4.0 Debug 585: new_name: /home/seonwoo/.config/gtk-4.0 Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/gtk-4.0 expanded: /home/seonwoo/.config/gtk-4.0 realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/gtkrc Debug 574: expanded: /home/seonwoo/.config/gtkrc Debug 585: new_name: /home/seonwoo/.config/gtkrc Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/gtkrc-2.0 Debug 574: expanded: /home/seonwoo/.config/gtkrc-2.0 Debug 585: new_name: /home/seonwoo/.config/gtkrc-2.0 Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.gnome2 Debug 574: expanded: /home/seonwoo/.gnome2 Debug 585: new_name: /home/seonwoo/.gnome2 Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.gnome2 expanded: /home/seonwoo/.gnome2 realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.gnome2-private Debug 574: expanded: /home/seonwoo/.gnome2-private Debug 585: new_name: /home/seonwoo/.gnome2-private Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.gnome2-private expanded: /home/seonwoo/.gnome2-private realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.gtk-2.0 Debug 574: expanded: /home/seonwoo/.gtk-2.0 Debug 585: new_name: /home/seonwoo/.gtk-2.0 Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.gtk-2.0 expanded: /home/seonwoo/.gtk-2.0 realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.gtkrc Debug 574: expanded: /home/seonwoo/.gtkrc Debug 585: new_name: /home/seonwoo/.gtkrc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.gtkrc expanded: /home/seonwoo/.gtkrc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.gtkrc-2.0 Debug 574: expanded: /home/seonwoo/.gtkrc-2.0 Debug 585: new_name: /home/seonwoo/.gtkrc-2.0 Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/seonwoo/.gtkrc-2.0 realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/config/gtkrc Debug 574: expanded: /home/seonwoo/.kde/share/config/gtkrc Debug 585: new_name: /home/seonwoo/.kde/share/config/gtkrc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/seonwoo/.kde/share/config/gtkrc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 Debug 574: expanded: /home/seonwoo/.kde/share/config/gtkrc-2.0 Debug 585: new_name: /home/seonwoo/.kde/share/config/gtkrc-2.0 Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/seonwoo/.kde/share/config/gtkrc-2.0 realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde4/share/config/gtkrc Debug 574: expanded: /home/seonwoo/.kde4/share/config/gtkrc Debug 585: new_name: /home/seonwoo/.kde4/share/config/gtkrc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/seonwoo/.kde4/share/config/gtkrc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 Debug 574: expanded: /home/seonwoo/.kde4/share/config/gtkrc-2.0 Debug 585: new_name: /home/seonwoo/.kde4/share/config/gtkrc-2.0 Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/seonwoo/.kde4/share/config/gtkrc-2.0 realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.local/share/themes Debug 574: expanded: /home/seonwoo/.local/share/themes Debug 585: new_name: /home/seonwoo/.local/share/themes Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.local/share/themes expanded: /home/seonwoo/.local/share/themes realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.themes Debug 574: expanded: /home/seonwoo/.themes Debug 585: new_name: /home/seonwoo/.themes Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.cache/kioexec/krun Debug 574: expanded: /home/seonwoo/.cache/kioexec/krun Debug 585: new_name: /home/seonwoo/.cache/kioexec/krun Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/seonwoo/.cache/kioexec/krun realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/Kvantum Debug 574: expanded: /home/seonwoo/.config/Kvantum Debug 585: new_name: /home/seonwoo/.config/Kvantum Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/Kvantum expanded: /home/seonwoo/.config/Kvantum realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/Trolltech.conf Debug 574: expanded: /home/seonwoo/.config/Trolltech.conf Debug 585: new_name: /home/seonwoo/.config/Trolltech.conf Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/QtProject.conf Debug 574: expanded: /home/seonwoo/.config/QtProject.conf Debug 585: new_name: /home/seonwoo/.config/QtProject.conf Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.config/kdeglobals Debug 574: expanded: /home/seonwoo/.config/kdeglobals Debug 585: new_name: /home/seonwoo/.config/kdeglobals Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/kdeglobals expanded: /home/seonwoo/.config/kdeglobals realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/kio_httprc Debug 574: expanded: /home/seonwoo/.config/kio_httprc Debug 585: new_name: /home/seonwoo/.config/kio_httprc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/kio_httprc expanded: /home/seonwoo/.config/kio_httprc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/kioslaverc Debug 574: expanded: /home/seonwoo/.config/kioslaverc Debug 585: new_name: /home/seonwoo/.config/kioslaverc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/kioslaverc expanded: /home/seonwoo/.config/kioslaverc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/ksslcablacklist Debug 574: expanded: /home/seonwoo/.config/ksslcablacklist Debug 585: new_name: /home/seonwoo/.config/ksslcablacklist Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/seonwoo/.config/ksslcablacklist realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/qt5ct Debug 574: expanded: /home/seonwoo/.config/qt5ct Debug 585: new_name: /home/seonwoo/.config/qt5ct Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/qt5ct expanded: /home/seonwoo/.config/qt5ct realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.config/qtcurve Debug 574: expanded: /home/seonwoo/.config/qtcurve Debug 585: new_name: /home/seonwoo/.config/qtcurve Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.config/qtcurve expanded: /home/seonwoo/.config/qtcurve realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/config/kdeglobals Debug 574: expanded: /home/seonwoo/.kde/share/config/kdeglobals Debug 585: new_name: /home/seonwoo/.kde/share/config/kdeglobals Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/seonwoo/.kde/share/config/kdeglobals realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/config/kio_httprc Debug 574: expanded: /home/seonwoo/.kde/share/config/kio_httprc Debug 585: new_name: /home/seonwoo/.kde/share/config/kio_httprc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/seonwoo/.kde/share/config/kio_httprc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/config/kioslaverc Debug 574: expanded: /home/seonwoo/.kde/share/config/kioslaverc Debug 585: new_name: /home/seonwoo/.kde/share/config/kioslaverc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/seonwoo/.kde/share/config/kioslaverc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/config/ksslcablacklist Debug 574: expanded: /home/seonwoo/.kde/share/config/ksslcablacklist Debug 585: new_name: /home/seonwoo/.kde/share/config/ksslcablacklist Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/seonwoo/.kde/share/config/ksslcablacklist realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/config/oxygenrc Debug 574: expanded: /home/seonwoo/.kde/share/config/oxygenrc Debug 585: new_name: /home/seonwoo/.kde/share/config/oxygenrc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/seonwoo/.kde/share/config/oxygenrc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde/share/icons Debug 574: expanded: /home/seonwoo/.kde/share/icons Debug 585: new_name: /home/seonwoo/.kde/share/icons Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde/share/icons expanded: /home/seonwoo/.kde/share/icons realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde4/share/config/kdeglobals Debug 574: expanded: /home/seonwoo/.kde4/share/config/kdeglobals Debug 585: new_name: /home/seonwoo/.kde4/share/config/kdeglobals Debug 599: dir: /home/seonwoo Debug 553: whitelist ${HOME}/.kde4/share/config/kio_httprc Debug 574: expanded: /home/seonwoo/.kde4/share/config/kio_httprc Debug 585: new_name: /home/seonwoo/.kde4/share/config/kio_httprc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/seonwoo/.kde4/share/config/kio_httprc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde4/share/config/kioslaverc Debug 574: expanded: /home/seonwoo/.kde4/share/config/kioslaverc Debug 585: new_name: /home/seonwoo/.kde4/share/config/kioslaverc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/seonwoo/.kde4/share/config/kioslaverc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde4/share/config/ksslcablacklist Debug 574: expanded: /home/seonwoo/.kde4/share/config/ksslcablacklist Debug 585: new_name: /home/seonwoo/.kde4/share/config/ksslcablacklist Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/seonwoo/.kde4/share/config/ksslcablacklist realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde4/share/config/oxygenrc Debug 574: expanded: /home/seonwoo/.kde4/share/config/oxygenrc Debug 585: new_name: /home/seonwoo/.kde4/share/config/oxygenrc Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/seonwoo/.kde4/share/config/oxygenrc realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.kde4/share/icons Debug 574: expanded: /home/seonwoo/.kde4/share/icons Debug 585: new_name: /home/seonwoo/.kde4/share/icons Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.kde4/share/icons expanded: /home/seonwoo/.kde4/share/icons realpath: (null) No such file or directory Debug 553: whitelist ${HOME}/.local/share/qt5ct Debug 574: expanded: /home/seonwoo/.local/share/qt5ct Debug 585: new_name: /home/seonwoo/.local/share/qt5ct Debug 599: dir: /home/seonwoo Removed path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/seonwoo/.local/share/qt5ct realpath: (null) No such file or directory Debug 553: whitelist /var/lib/aspell Debug 574: expanded: /var/lib/aspell Debug 585: new_name: /var/lib/aspell Debug 599: dir: /var Adding whitelist top level directory /var Removed path: whitelist /var/lib/aspell expanded: /var/lib/aspell realpath: (null) No such file or directory Debug 553: whitelist /var/lib/ca-certificates Debug 574: expanded: /var/lib/ca-certificates Debug 585: new_name: /var/lib/ca-certificates Debug 599: dir: /var Removed path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates realpath: (null) No such file or directory Debug 553: whitelist /var/lib/dbus Debug 574: expanded: /var/lib/dbus Debug 585: new_name: /var/lib/dbus Debug 599: dir: /var Debug 553: whitelist /var/lib/menu-xdg Debug 574: expanded: /var/lib/menu-xdg Debug 585: new_name: /var/lib/menu-xdg Debug 599: dir: /var Removed path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg realpath: (null) No such file or directory Debug 553: whitelist /var/lib/uim Debug 574: expanded: /var/lib/uim Debug 585: new_name: /var/lib/uim Debug 599: dir: /var Removed path: whitelist /var/lib/uim expanded: /var/lib/uim realpath: (null) No such file or directory Debug 553: whitelist /var/cache/fontconfig Debug 574: expanded: /var/cache/fontconfig Debug 585: new_name: /var/cache/fontconfig Debug 599: dir: /var Debug 553: whitelist /var/tmp Debug 574: expanded: /var/tmp Debug 585: new_name: /var/tmp Debug 599: dir: /var Debug 553: whitelist /var/run Debug 574: expanded: /var/run Debug 585: new_name: /var/run Debug 599: dir: /var Debug 553: whitelist /var/lock Debug 574: expanded: /var/lock Debug 585: new_name: /var/lock Debug 599: dir: /var Debug 553: whitelist /tmp/.X11-unix Debug 574: expanded: /tmp/.X11-unix Debug 585: new_name: /tmp/.X11-unix Debug 599: dir: /tmp Mounting tmpfs on /tmp, check owner: no 4341 1679 0:248 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64 mountid=4341 fsname=/ dir=/tmp fstype=tmpfs Mounting tmpfs on /var, check owner: no 4342 2288 0:249 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64 mountid=4342 fsname=/ dir=/var fstype=tmpfs Drop privileges: pid 28, uid 1000, gid 100, nogroups 0 Supplementary groups: 92 91 Mounting a new /root directory Mounting a new /home directory Create a new user directory Drop privileges: pid 29, uid 1000, gid 100, nogroups 0 Supplementary groups: 92 91 Debug 735: file: /home/seonwoo/.config/lightcord; dirfd: 4; topdir: /home/seonwoo; rel: .config/lightcord Whitelisting /home/seonwoo/.config/lightcord 4345 4344 0:27 /.config/lightcord /home/seonwoo/.config/lightcord rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4345 fsname=/.config/lightcord dir=/home/seonwoo/.config/lightcord fstype=zfs Debug 735: file: /home/seonwoo/.config/Lightcord; dirfd: 4; topdir: /home/seonwoo; rel: .config/Lightcord Whitelisting /home/seonwoo/.config/Lightcord 4346 4344 0:27 /.config/Lightcord /home/seonwoo/.config/Lightcord rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4346 fsname=/.config/Lightcord dir=/home/seonwoo/.config/Lightcord fstype=zfs Debug 735: file: /home/seonwoo/.config/Lightcord_BD; dirfd: 4; topdir: /home/seonwoo; rel: .config/Lightcord_BD Whitelisting /home/seonwoo/.config/Lightcord_BD 4347 4344 0:27 /.config/Lightcord_BD /home/seonwoo/.config/Lightcord_BD rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4347 fsname=/.config/Lightcord_BD dir=/home/seonwoo/.config/Lightcord_BD fstype=zfs Debug 735: file: /tmp/Lightcord; dirfd: 5; topdir: /tmp; rel: Lightcord Whitelisting /tmp/Lightcord 4348 4341 0:78 /Lightcord /tmp/Lightcord rw,nosuid,nodev,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=4348 fsname=/Lightcord dir=/tmp/Lightcord fstype=tmpfs Debug 735: file: /home/seonwoo/.alsaequal.bin; dirfd: 4; topdir: /home/seonwoo; rel: .alsaequal.bin Whitelisting /home/seonwoo/.alsaequal.bin 4349 4344 0:27 /.alsaequal.bin /home/seonwoo/.alsaequal.bin rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4349 fsname=/.alsaequal.bin dir=/home/seonwoo/.alsaequal.bin fstype=zfs Debug 735: file: /home/seonwoo/.config/ibus; dirfd: 4; topdir: /home/seonwoo; rel: .config/ibus Whitelisting /home/seonwoo/.config/ibus 4350 4344 0:27 /.config/ibus /home/seonwoo/.config/ibus rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4350 fsname=/.config/ibus dir=/home/seonwoo/.config/ibus fstype=zfs Debug 735: file: /home/seonwoo/.config/mimeapps.list; dirfd: 4; topdir: /home/seonwoo; rel: .config/mimeapps.list Whitelisting /home/seonwoo/.config/mimeapps.list 4351 4344 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4351 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs Debug 735: file: /home/seonwoo/.config/user-dirs.dirs; dirfd: 4; topdir: /home/seonwoo; rel: .config/user-dirs.dirs Whitelisting /home/seonwoo/.config/user-dirs.dirs 4352 4344 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4352 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs Debug 735: file: /home/seonwoo/.config/user-dirs.locale; dirfd: 4; topdir: /home/seonwoo; rel: .config/user-dirs.locale Whitelisting /home/seonwoo/.config/user-dirs.locale 4353 4344 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4353 fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs Debug 735: file: /home/seonwoo/.icons; dirfd: 4; topdir: /home/seonwoo; rel: .icons Whitelisting /home/seonwoo/.icons 4354 4344 0:27 /.icons /home/seonwoo/.icons rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4354 fsname=/.icons dir=/home/seonwoo/.icons fstype=zfs Debug 735: file: /home/seonwoo/.local/share/applications; dirfd: 4; topdir: /home/seonwoo; rel: .local/share/applications Whitelisting /home/seonwoo/.local/share/applications 4355 4344 0:27 /.local/share/applications /home/seonwoo/.local/share/applications rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4355 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs Debug 735: file: /home/seonwoo/.local/share/icons; dirfd: 4; topdir: /home/seonwoo; rel: .local/share/icons Whitelisting /home/seonwoo/.local/share/icons 4356 4344 0:27 /.local/share/icons /home/seonwoo/.local/share/icons rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4356 fsname=/.local/share/icons dir=/home/seonwoo/.local/share/icons fstype=zfs Debug 735: file: /home/seonwoo/.local/share/mime; dirfd: 4; topdir: /home/seonwoo; rel: .local/share/mime Whitelisting /home/seonwoo/.local/share/mime 4357 4344 0:27 /.local/share/mime /home/seonwoo/.local/share/mime rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4357 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs Debug 735: file: /home/seonwoo/.config/dconf; dirfd: 4; topdir: /home/seonwoo; rel: .config/dconf Whitelisting /home/seonwoo/.config/dconf 4358 4344 0:27 /.config/dconf /home/seonwoo/.config/dconf rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4358 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs Debug 735: file: /home/seonwoo/.config/fontconfig; dirfd: 4; topdir: /home/seonwoo; rel: .config/fontconfig Whitelisting /home/seonwoo/.config/fontconfig 4359 4344 0:27 /.config/fontconfig /home/seonwoo/.config/fontconfig rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4359 fsname=/.config/fontconfig dir=/home/seonwoo/.config/fontconfig fstype=zfs Debug 735: file: /home/seonwoo/.config/fontconfig/fonts.conf; dirfd: 4; topdir: /home/seonwoo; rel: .config/fontconfig/fonts.conf Created symbolic link /home/seonwoo/.fonts.conf -> /home/seonwoo/.config/fontconfig/fonts.conf Debug 735: file: /home/seonwoo/.config/gtk-2.0; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtk-2.0 Whitelisting /home/seonwoo/.config/gtk-2.0 4360 4344 0:27 /.config/gtk-2.0 /home/seonwoo/.config/gtk-2.0 rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4360 fsname=/.config/gtk-2.0 dir=/home/seonwoo/.config/gtk-2.0 fstype=zfs Debug 735: file: /home/seonwoo/.config/gtk-3.0; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtk-3.0 Whitelisting /home/seonwoo/.config/gtk-3.0 4361 4344 0:27 /.config/gtk-3.0 /home/seonwoo/.config/gtk-3.0 rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4361 fsname=/.config/gtk-3.0 dir=/home/seonwoo/.config/gtk-3.0 fstype=zfs Debug 735: file: /home/seonwoo/.config/gtkrc; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtkrc Whitelisting /home/seonwoo/.config/gtkrc 4362 4344 0:27 /.config/gtkrc /home/seonwoo/.config/gtkrc rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4362 fsname=/.config/gtkrc dir=/home/seonwoo/.config/gtkrc fstype=zfs Debug 735: file: /home/seonwoo/.config/gtkrc-2.0; dirfd: 4; topdir: /home/seonwoo; rel: .config/gtkrc-2.0 Whitelisting /home/seonwoo/.config/gtkrc-2.0 4363 4344 0:27 /.config/gtkrc-2.0 /home/seonwoo/.config/gtkrc-2.0 rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4363 fsname=/.config/gtkrc-2.0 dir=/home/seonwoo/.config/gtkrc-2.0 fstype=zfs Debug 735: file: /home/seonwoo/.themes; dirfd: 4; topdir: /home/seonwoo; rel: .themes Whitelisting /home/seonwoo/.themes 4364 4344 0:27 /.themes /home/seonwoo/.themes rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4364 fsname=/.themes dir=/home/seonwoo/.themes fstype=zfs Debug 735: file: /home/seonwoo/.config/Trolltech.conf; dirfd: 4; topdir: /home/seonwoo; rel: .config/Trolltech.conf Whitelisting /home/seonwoo/.config/Trolltech.conf 4365 4344 0:27 /.config/Trolltech.conf /home/seonwoo/.config/Trolltech.conf rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4365 fsname=/.config/Trolltech.conf dir=/home/seonwoo/.config/Trolltech.conf fstype=zfs Debug 735: file: /home/seonwoo/.config/QtProject.conf; dirfd: 4; topdir: /home/seonwoo; rel: .config/QtProject.conf Whitelisting /home/seonwoo/.config/QtProject.conf 4366 4344 0:27 /.config/QtProject.conf /home/seonwoo/.config/QtProject.conf rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4366 fsname=/.config/QtProject.conf dir=/home/seonwoo/.config/QtProject.conf fstype=zfs Debug 735: file: /home/seonwoo/.kde4/share/config/kdeglobals; dirfd: 4; topdir: /home/seonwoo; rel: .kde4/share/config/kdeglobals Whitelisting /home/seonwoo/.kde4/share/config/kdeglobals 4367 4344 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals rw,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4367 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs Debug 735: file: /var/lib/dbus; dirfd: 7; topdir: /var; rel: lib/dbus Whitelisting /var/lib/dbus 4368 4342 0:25 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=4368 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=zfs Debug 735: file: /var/cache/fontconfig; dirfd: 7; topdir: /var; rel: cache/fontconfig Whitelisting /var/cache/fontconfig 4369 4342 0:45 /fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:27 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl mountid=4369 fsname=/fontconfig dir=/var/cache/fontconfig fstype=zfs Debug 735: file: /var/tmp; dirfd: 7; topdir: /var; rel: tmp Whitelisting /var/tmp 4370 4342 0:223 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=4370 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Debug 735: file: /tmp/.X11-unix; dirfd: 5; topdir: /tmp; rel: .X11-unix Whitelisting /tmp/.X11-unix 4371 4341 0:78 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=4371 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Cache Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/Code Cache Warning: you are not allowed to mount a tmpfs on /home/seonwoo/.config/Lightcord/GPUCache Mounting read-only /home/seonwoo/.Xauthority 4372 4344 0:251 /seonwoo/.Xauthority /home/seonwoo/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=4372 fsname=/seonwoo/.Xauthority dir=/home/seonwoo/.Xauthority fstype=tmpfs Mounting read-only /home/seonwoo/.kde4/share/config/kdeglobals 4373 4367 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4373 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs Mounting read-only /home/seonwoo/.config/dconf 4374 4358 0:27 /.config/dconf /home/seonwoo/.config/dconf ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4374 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs Disable /run/user/1000/systemd Disable /usr/share/applications/veracrypt.desktop Disable /usr/share/pixmaps/veracrypt.xpm Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock) Disable /run/screens (requested /var/run/screens) Mounting read-only /home/seonwoo/.local/share/applications 4380 4355 0:27 /.local/share/applications /home/seonwoo/.local/share/applications ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4380 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs Mounting read-only /home/seonwoo/.config/mimeapps.list 4381 4351 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4381 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs Mounting read-only /home/seonwoo/.config/user-dirs.dirs 4382 4352 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4382 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs Mounting read-only /home/seonwoo/.config/user-dirs.locale 4383 4353 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4383 fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs Mounting read-only /home/seonwoo/.local/share/mime 4384 4357 0:27 /.local/share/mime /home/seonwoo/.local/share/mime ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=4384 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs Warning: /sbin directory link was not blacklisted Disable /usr/local/sbin Warning: /usr/sbin directory link was not blacklisted Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied Disable /usr/lib/virtualbox Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox) Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied Disable /proc/config.gz Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/clang*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lldb*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/llvm*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/as: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c8*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c9*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cpp*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gdb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ld: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gccgo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/go: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gofmt: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/java: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/javac: Permission denied Disable /usr/share/java Warning (blacklisting): cannot open /usr/local/sbin/openssl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/openssl-1.0: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rust-gdb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rust-lldb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rustc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/x86_64-tcc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/valgrind*: Permission denied Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /run/user/1000 4398 4397 0:23 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64 mountid=4398 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Warning: not remounting /run/user/1000/gvfs Mounting noexec /dev/shm 4399 4306 0:243 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=4399 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 4402 4400 0:78 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=4402 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/Lightcord 4403 4401 0:78 /Lightcord /tmp/Lightcord rw,nosuid,nodev,noexec,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=4403 fsname=/Lightcord dir=/tmp/Lightcord fstype=tmpfs Mounting noexec /tmp/.X11-unix 4404 4402 0:78 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=4404 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting read-only /tmp/.X11-unix 4405 4404 0:78 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:128 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=4405 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module Disable /mnt Disable /run/mount Disable /run/media disable pulseaudio blacklist /run/user/1000/pulse/native blacklist /run/user/1000/pulse Current directory: /home/seonwoo DISPLAY=:0.0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 30, uid 1000, gid 100, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 01 00000010 jeq 10 0014 (false 0015) 0014: 06 00 00 7fff0000 ret ALLOW 0015: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 31, uid 1000, gid 100, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00050001 ret ERRNO(1) Dual 32/64 bit seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot Dropping all capabilities Drop privileges: pid 32, uid 1000, gid 100, nogroups 1 No supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 33, uid 1000, gid 100, nogroups 1 No supplementary groups configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 34, uid 1000, gid 100, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 000000a1 jeq chroot 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 3e 00 0000009f jeq adjtimex 0048 (false 000a) 000a: 15 3d 00 00000131 jeq clock_adjtime 0048 (false 000b) 000b: 15 3c 00 000000e3 jeq clock_settime 0048 (false 000c) 000c: 15 3b 00 000000a4 jeq settimeofday 0048 (false 000d) 000d: 15 3a 00 0000009a jeq modify_ldt 0048 (false 000e) 000e: 15 39 00 000000d4 jeq lookup_dcookie 0048 (false 000f) 000f: 15 38 00 0000012a jeq perf_event_open 0048 (false 0010) 0010: 15 37 00 00000137 jeq process_vm_writev 0048 (false 0011) 0011: 15 36 00 000000b0 jeq delete_module 0048 (false 0012) 0012: 15 35 00 00000139 jeq finit_module 0048 (false 0013) 0013: 15 34 00 000000af jeq init_module 0048 (false 0014) 0014: 15 33 00 000000a1 jeq chroot 0048 (false 0015) 0015: 15 32 00 000000a5 jeq mount 0048 (false 0016) 0016: 15 31 00 0000009b jeq pivot_root 0048 (false 0017) 0017: 15 30 00 000000a6 jeq umount2 0048 (false 0018) 0018: 15 2f 00 0000009c jeq _sysctl 0048 (false 0019) 0019: 15 2e 00 000000b7 jeq afs_syscall 0048 (false 001a) 001a: 15 2d 00 000000ae jeq create_module 0048 (false 001b) 001b: 15 2c 00 000000b1 jeq get_kernel_syms 0048 (false 001c) 001c: 15 2b 00 000000b5 jeq getpmsg 0048 (false 001d) 001d: 15 2a 00 000000b6 jeq putpmsg 0048 (false 001e) 001e: 15 29 00 000000b2 jeq query_module 0048 (false 001f) 001f: 15 28 00 000000b9 jeq security 0048 (false 0020) 0020: 15 27 00 0000008b jeq sysfs 0048 (false 0021) 0021: 15 26 00 000000b8 jeq tuxcall 0048 (false 0022) 0022: 15 25 00 00000086 jeq uselib 0048 (false 0023) 0023: 15 24 00 00000088 jeq ustat 0048 (false 0024) 0024: 15 23 00 000000ec jeq vserver 0048 (false 0025) 0025: 15 22 00 000000ad jeq ioperm 0048 (false 0026) 0026: 15 21 00 000000ac jeq iopl 0048 (false 0027) 0027: 15 20 00 000000f6 jeq kexec_load 0048 (false 0028) 0028: 15 1f 00 00000140 jeq kexec_file_load 0048 (false 0029) 0029: 15 1e 00 000000a9 jeq reboot 0048 (false 002a) 002a: 15 1d 00 000000a7 jeq swapon 0048 (false 002b) 002b: 15 1c 00 000000a8 jeq swapoff 0048 (false 002c) 002c: 15 1b 00 00000130 jeq open_by_handle_at 0048 (false 002d) 002d: 15 1a 00 0000012f jeq name_to_handle_at 0048 (false 002e) 002e: 15 19 00 000000fb jeq ioprio_set 0048 (false 002f) 002f: 15 18 00 00000067 jeq syslog 0048 (false 0030) 0030: 15 17 00 0000012c jeq fanotify_init 0048 (false 0031) 0031: 15 16 00 000000f8 jeq add_key 0048 (false 0032) 0032: 15 15 00 000000f9 jeq request_key 0048 (false 0033) 0033: 15 14 00 000000ed jeq mbind 0048 (false 0034) 0034: 15 13 00 00000100 jeq migrate_pages 0048 (false 0035) 0035: 15 12 00 00000117 jeq move_pages 0048 (false 0036) 0036: 15 11 00 000000fa jeq keyctl 0048 (false 0037) 0037: 15 10 00 000000ce jeq io_setup 0048 (false 0038) 0038: 15 0f 00 000000cf jeq io_destroy 0048 (false 0039) 0039: 15 0e 00 000000d0 jeq io_getevents 0048 (false 003a) 003a: 15 0d 00 000000d1 jeq io_submit 0048 (false 003b) 003b: 15 0c 00 000000d2 jeq io_cancel 0048 (false 003c) 003c: 15 0b 00 000000d8 jeq remap_file_pages 0048 (false 003d) 003d: 15 0a 00 00000143 jeq userfaultfd 0048 (false 003e) 003e: 15 09 00 000000a3 jeq acct 0048 (false 003f) 003f: 15 08 00 00000141 jeq bpf 0048 (false 0040) 0040: 15 07 00 000000b4 jeq nfsservctl 0048 (false 0041) 0041: 15 06 00 000000ab jeq setdomainname 0048 (false 0042) 0042: 15 05 00 000000aa jeq sethostname 0048 (false 0043) 0043: 15 04 00 00000099 jeq vhangup 0048 (false 0044) 0044: 15 03 00 00000065 jeq ptrace 0048 (false 0045) 0045: 15 02 00 00000087 jeq personality 0048 (false 0046) 0046: 15 01 00 00000136 jeq process_vm_readv 0048 (false 0047) 0047: 06 00 00 7fff0000 ret ALLOW 0048: 06 00 00 00050001 ret ERRNO(1) seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 4413 1702 0:50 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=4413 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 320 .. -rw-r--r-- 1000 users 584 seccomp -rw-r--r-- 1000 users 432 seccomp.32 -rw-r--r-- 1000 users 114 seccomp.list -rw-r--r-- 1000 users 0 seccomp.postexec -rw-r--r-- 1000 users 0 seccomp.postexec32 -rw-r--r-- 1000 users 176 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 100, nogroups 0 Supplementary groups: 92 91 Starting application LD_PRELOAD=(null) Running '/usr/bin/lightcord' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: '/usr/bin/lightcord' Child process initialized in 2176.19 ms Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 35 /home/seonwoo/.config/Lightcord undefined Initializing Lightcord. Version: undefined releaseChannel: stable commit: c2e6f78308e105fb7200783e92271c8e0e465157 Starting with version 0.1.8 because it hasn't been 1 week since the last check. (node:35) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead. Sandbox monitor: waitpid 35 retval 35 status 0 Sandbox monitor: monitoring 39 monitoring pid 39 ``` </details>

gitea-mirror 2026-05-05 09:18:37 -06:00

• closed this issue
• added the
  notabug
  label

gitea-mirror commented 2026-05-05 09:18:41 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jul 10, 2021):

According to the man page, I should be able to mount a tmpfs filesystem on any directory inside my user home directory, without having to run as root.

As long as you own the files, that's true. I wouldn't expect that those files are owned by an other user but checking ls -l is wrong.

Can you reproduce this with firejail --noprofile --tmpfs=~/... true too?

Lightcord is just another Discord client. I copied the discord profile and modified it.

PR welcome ;)

Thought I would use discord-common.profile if it is close enough.

<!-- gh-comment-id:877665400 --> @rusty-snake commented on GitHub (Jul 10, 2021): > According to the man page, I should be able to mount a tmpfs filesystem on any directory inside my user home directory, without having to run as root. As long as you own the files, that's true. I wouldn't expect that those files are owned by an other user but checking `ls -l` is wrong. Can you reproduce this with `firejail --noprofile --tmpfs=~/... true` too? > Lightcord is just another Discord client. I copied the discord profile and modified it. PR welcome ;) Thought I would use discord-common.profile if it is close enough.

gitea-mirror commented 2026-05-05 09:18:42 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jul 10, 2021):

Reading profile /home/seonwoo/.config/firejail/globals.local

What's in it?

<!-- gh-comment-id:877666554 --> @rusty-snake commented on GitHub (Jul 10, 2021): > Reading profile /home/seonwoo/.config/firejail/globals.local What's in it?

gitea-mirror commented 2026-05-05 09:18:43 -06:00

Author

Owner

Copy link

@seonwoolee commented on GitHub (Jul 10, 2021):

Oops. The three cache directories were in fact owned by root because I was mounting them as tmpfs via /etc/fstab (though I did have uid=1000,gid=100 - which corresponds to seonwoo:users - in the fstab, so shouldn't they have been owned by me?). I had umounted them before trying to use firejail to mount tmpfs on those directories, but the ownership was still left as root:root.

Taking ownership fixed the issue. Closing.

<!-- gh-comment-id:877673784 --> @seonwoolee commented on GitHub (Jul 10, 2021): Oops. The three cache directories were in fact owned by root because I was mounting them as tmpfs via `/etc/fstab` (though I did have uid=1000,gid=100 - which corresponds to seonwoo:users - in the fstab, so shouldn't they have been owned by me?). I had umounted them before trying to use firejail to mount tmpfs on those directories, but the ownership was still left as root:root. Taking ownership fixed the issue. Closing.

gitea-mirror referenced this issue 2026-05-05 10:20:36 -06:00

[PR #2647] [MERGED] More disable-exec stuff #4465

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2647

No description provided.